Reference from ESORICS proceedings


6th European Symposium on Research in Computer Security (ESORICS 2000)

A Distributed Access Control Model for Java

Refik Molva, Yves Roudier

Keywords : Java, access control model, distribution, SPKI, capabilities

Abstract : Despite its fully distributed and multi-party execution model, Java only supports centralized and single party access control. We suggest a new access control model for mobile code that copes with the shortcomings of the current access control model of Java. This new model is based on two key enhancements: the association of access control information with each mobile code segment in the form of attributes and the introduction of intermediate elements in the access control schema. The combination of the current ACL-based approach with the capability scheme achieved through mobile code attributes allows the new access control model to address dynamic multi-party scenarios while keeping the burden of security policy configuration at a minimum. We finally sketch the design of an access control system based on the proposed model using Simple Public Key Infrastructure (SPKI) certificates.

(Pages 291-308)


Proceedings table of contents